Why? Having talked to a lot of people who hold this position, the only underlying thought I've been able to discern is that you can't conceive of any time someone else holding encrypted data could hurt you.
If this phone instead belonged to a living rapist or paedophile instead of a terrorist, and was the only evidence proving their guilt, would you feel the same?
Let's not pretend that this is a new issue for American society. We have almost 250 years of making these sorts of decisions.
For example, we know that bad guys use guns to commit crimes, yet we're very very reluctant to ban guns. Bad guys use cars, but we don't require cars to come with remote kill switches.
Bad guys use encryption. Shall we therefore ban it? Or destroy its effectiveness? Do any good guys use encryption? And should we take those uses in to consideration as we think about public policy?
The President of the U.S. uses an iPad. Millions of federal employees, including FBI agents, use iPhones. Let's think about the implications of punching a hole in the security of those devices.
It's very easy to make decisions when one ignores the broader context and consequences. That doesn't mean it's the right way to make decisions.
(To play devils advocate, coming from the perspective of my retired LEO friend)
legal warrants can we written to seize guns which can then be tested and information extracted from them.
Legal warrants can be written to search and seize cars, so they can be searched and extensively examined to extract information/evidence from them.
The argument goes that right now, warrants can be written to gain access to basically everything a criminal has/owns/has been in contact with so that it can all be gobbled up and analyzed.
People supporting the government in this believe the same is true for digital data - they don't care that it's on a phone or laptop or "online", they just think a warrant should let the government access it. If Apple can do it, then they must.
(Note I don't personally agree with that, but I understand it)
Which is why they ought to ensure that they cannot do it. And it's why we should resist any law mandating that they be forced to include a pre-emptive backdoor.
The needs of the many outweigh the needs of the few; if it's a choice between no encryption and a marginal increase in the conviction rate, or strong encryption and a marginal decrease in the conviction rate, I'm in favour of the latter.
But of course bad people can still use extra encryption, so lack of default encryption will mostly hurt good people. This increases the amount by which the detection and conviction rate needs to improve to justify the intrusion.
I think it comes down to how willing you are to let bad people get away with their crimes vs lose your own right to privacy in a world where more and more of your private life and thoughts are stored digitally.
I know I find myself increasingly self-censoring in case what I write gets taken out of context and used against me. I have to second-guess some third party reading my emails, my private notes, etc., and I really don't like that feeling. It doesn't take long for political winds to change, and we're not long past times where people were put to death for what they wrote or who they were.
> The needs of the many outweigh the needs of the few
No, they don't. We live in nations with individual rights. The US specifically is a nation without acceptable levels of healthcare. The needs of the many clearly do not outweigh the needs of a few.
> But of course bad people can still use extra encryption, so lack of default encryption will mostly hurt good people
This is a non sequitur driven by a false dichotomy. Nobody is suggesting the removal of encryption.
> I think it comes down to how willing you are to let bad people get away with their crimes vs lose your own right to privacy in a world where more and more of your private life and thoughts are stored digitally.
How many criminals are you willing to let get away with their crimes? Apple has currently built a system that allows child abusers and some rapists to be all but immune from conviction.
> How many criminals are you willing to let get away with their crimes? Apple has currently built a system that allows child abusers and some rapists to be all but immune from conviction.
Nonsense! Believe it or not, prior to the existence of smart phones it was possible to convict people of abuse and rape; in fact, it happened quite regularly. The evidence against such criminals need not be on a smartphone; after all, there are the victims; there are witnesses; there is forensic evidence.
> Nonsense! Believe it or not, prior to the existence of smart phones it was possible to convict people of abuse and rape; in fact, it happened quite regularly. The evidence against such criminals need not be on a smartphone; after all, there are the victims; there are witnesses; there is forensic evidence.
So this means it's OK to withold access to evidence, even if you are simply a private company with no legal standing? No of course it doesn't.
Please, tell me how a paedophile I know exists and uses an iPhone can be prosecuted for the contents of that device. I'm fairly sure he has taken illegal photos of children he may be abusing, but he lives in Cambodia.
>How many criminals are you willing to let get away with their crimes?
So you are saying Apple is only helping criminals with encryptions?
And because weakening encryption can not only be used in special cases (you mention child abusers and rapists in an attempt to appeal to emotions), you don't fear encryption being used against the average person?
For example if the police would search your phone in a traffic stop, that would be okay?
The amount of cases you could solve with a crypto backdoor seem very small in comparison the risks for the average citizen. Privacy is an important right for everyone.
> So you are saying Apple is only helping criminals with encryptions?
No I'm saying that arrogantly the people behind these decisions cannot imagine a scenario in which someone else could hold information about them that would be harmful just by its existence.
They can only imagine their secrets being revealed, such as Tim Cook being outed before he was satisfied.
> you don't fear encryption being used against the average person?
I'm confused as to what you're asking, that's exactly what I fear. A rapist taking photos of his victim, the evidence being insufficient for a conviction, Apple now protects that rapist and his access to his victim's photos at the cost of the victim's mental health.
> For example if the police would search your phone in a traffic stop, that would be okay?
If they had good reason, that's the basis of the legal system after all.
> The amount of cases you could solve with a crypto backdoor
Crypto backdoors are ineffective. Service provider accountability is. This is why Apple is fighting it.
Oh no, crypto backdoors are quite effective at their stated purpose - letting an authority break it when they desire. See also the Clipper chip, DUAL_EC, and so on.
The problem is that we're no longer talking about physical devices like a gun or a safe, we're talking about math. Breaking crypto is basically solving a math problem. If for any reason the problem is solved, it's forever solved, and expecting that solution to stay in a few trusted hands against nation-state level actors (or hell, even motivated security professionals) is absurd.
The issue here is that the FBI is demanding that Pandora's box be opened. There is no closing it again. Are you ready to sacrifice the safety of every iPhone everywhere based on a promise from the FBI?
I disagree with your healthcare analogy. It is in the interest of the many for the US to have widespread, cheap, available healthcare. It would give our citizens longer, healthier lives, which from a purely economic standpoint would allow them to work longer and increase GDP.
The US already spends significantly more per capita on healthcare than countries like the UK that have socialized it. Right now, the needs of the few (for insurance companies to make huge amounts of money) are outweighing the needs of the many. I suspect that will change over the coming decades, but there's a long political battle to fight before we see any real change.
> I disagree with your healthcare analogy. It is in the interest of the many for the US to have widespread, cheap, available healthcare. It would give our citizens longer, healthier lives, which from a purely economic standpoint would allow them to work longer and increase GDP.
I agree it is, but my point is that despite this, it is not implemented in any way. The needs of the many in the US do not outweigh the needs of the few. Nor in most cases should they. Individual healthcare has no significant harm to it, but prohibiting the searching of communications and data on someone's primary computer has major harm implications.
> If the needs of the many don't outweigh the needs of the few, then why does the total number of criminals matter?
Because the victims matter.
> If I want to buy strong encryption with no backdoor, and I'm not a criminal, then why would the issue of crime matter at all?
Being a criminal isn't an attribute of a person, it's the actions the person carries out. I don't give a shit about jaywalking, but I care about rape victims. This is not inconsistent.
The 4th amendment also helps pedophiles and rapists get away with crimes. It's obvious why police need some limits on their investigative powers.
Are you also in favor of DNA typing and fingerprinting everyone at birth into a national database? How about requiring all citizens to carry a GPS locator, camera and microphone which are always recording into a national database? We could always just limit access behind a warrant, right?
We create limits on police power because police abuse that power and it harms a free society. Backdoors into our personal electronic devices should not be allowed for the same reason.
> Are you also in favor of DNA typing and fingerprinting everyone at birth into a national database?
Yeah this has a lot of benefits and helps catch criminals extremely quickly. It has virtually no privacy implications. I'm fine with it and some nations do it.
> How about requiring all citizens to carry a GPS locator, camera and microphone which are always recording into a national database? We could always just limit access behind a warrant, right?
This is about the most disproportionate act I can imagine. If you have to reach this far, you don't have any point to defend.
Glad to see we found some common ground. That smartphone you're carrying... once companies can be compelled to backdoor them that's exactly the world we would be living in.
Well why don't we wait for that to be suggested to start getting outraged. In the case at hand, I don't believe Apple for a second that they would be decreasing the security for any other phone by complying with the FBI request. They're lying or exaggerating as far as I can tell.
It's a very bad idea to wait until after the precedent is set to try to ensure that this does not become routine. It's crucial to have the debate now, before the precedent is set, because of the way the US legal system works. If you can establish that under the AWA Apple must comply with this request for a backdoor, then future attempts to compel the creation of additional backdoors on any electronic device (think "Internet of Things") are approved as a matter of course.
While you might believe that Apple is capable of keeping the backdoor from being used unlawfully (although, why would you when they clearly failed to secure the 5c from this attack in the first place!) how about every other electronics manufacturer in the world?
> It's a very bad idea to wait until after the precedent is set to try to ensure that this does not become routine.
Well then why don't we start making this case about abortion rights precedent, for how applicable it is? This has nothing to do with the general practice of making devices backdoorable in general. It is a straight forward search of a device with a warrant.
Apple failed to secure the 5c, but they don't have to fail to secure others. I have every reason to believe they could have made the phone refuse to install updates without a user password, which would make this backdoor impossible.
> It is a straight forward search of a device with a warrant.
No, its not.
If it were a straightforward search of a device with a warrant, then -- the FBI having the device and the warrant -- no third party would have to be compelled to be involved.
That they are trying to compel Apple to write special software to enable what the FBI wants very clearly demonstrates that it is nothing like a straightforward search of a device with a warrant.
Hmm, that seems untrue. Is this the first case where an agency had to get some assistance from a third party to execute a warrant? Like, getting access to a storage unit, or getting access to documents? In the case of a locked door, don't you think it would be reasonable to require a landlord or such to unlock the door if they could? Especially if the walls were literally impenetrable.
I don't know. It seems like that is the way the law works now. If it's not what we want, maybe that should be the discussion. But this doesn't seem fundamentally different than any other normal search order. Superficially different, sure. Instead of simply unlocking a door, it's more like Apple has the blueprints for how to make a key and they're being asked to do so. Apple is implying (but strangely, not explicitly saying) that they can't do that without harming security for other people. I don't believe it, or they should come out and say that.
And lastly, I think it's splitting hairs to complain that they're being asked to write special software rather than just hand over documents or unlock a door. To a lay person that may seem like an over burden, but for SMEs it should be pretty easy. If it isn't easy, again, that should be what Apple says, but they haven't. Because it's embarrassing for them.
The position Apple should be in, is to say "we cannot comply with this request". That would be great. But they can, pretty easily I would guess, so they're beating around the bush instead.
> If this phone instead belonged to a living rapist or paedophile instead of a terrorist, and was the only evidence proving their guilt, would you feel the same?
Yes. There are many cases where the only evidence against someone lives inside his own head, and the State has no right to compel someone to give evidence against himself. Likewise, there are cases where someone has encrypted the only evidence against him, and the State has no right to compel him to decrypt that evidence.
> Likewise, there are cases where someone has encrypted the only evidence against him, and the State has no right to compel him to decrypt that evidence.
My country does.
> How often is any crime perfect, anyway?
Significantly more often if Apple gets their way, as they provide guarantees backed by the richest company in the world. Taking a photo of your rape victim used to be idiotic and a way to get caught. Now it's a way to keep power over your victim as Apple will protect that photo.
Why? Having talked to a lot of people who hold this position, the only underlying thought I've been able to discern is that you can't conceive of any time someone else holding encrypted data could hurt you.
If this phone instead belonged to a living rapist or paedophile instead of a terrorist, and was the only evidence proving their guilt, would you feel the same?